Risk managers take centre stage managing cyber risk

08 January 2019

Two comprehensive surveys have placed cyber threats at the top of the corporate risk agenda, with risk managers taking a central role in managing threats associated with technology transformation and cyber.

The biennial survey of risk managers from the Federation of European Risk Management Associations (FERMA) has ranked cyber as the top threat for risk managers, up from sixth place two years ago. The report follows a study from the World Economic Forum (WEF) that identified cyber as the biggest risk when doing business in advanced economies.

According to WEF, cyber attacks were considered the top risk in Europe, Asia Pacific and North America. Globally, cyber was the fifth most concerning global risk for business, up from last year’s eighth position. The increased ranking reflects growing reliance of global commerce on digital networks, as well as the increasing sophistication, prevalence and size of attacks, WEF says in its Regional Risks for Doing Business report.

Cyber attacks are more likely to be considered the biggest risk when doing business in advanced economies - of the 19 countries that ranked it number one, 14 were from Europe and North America. However, cyber was also ranked top in India, Indonesia, Japan, Singapore and the United Arab Emirates.

In Europe, cyber is ranked number one in 12 countries - including Germany and the UK - after the number of cyber attacks across the region increased by around a third in the first quarter of 2018. Cyber attacks are also the leading risk when doing business across East Asia and the Pacific, reflecting the rapid pace of digitisation and the increasing sophistication of the region’s economies, WEF says.


Looking back, 2017 is likely to be seen as a “watershed year” in terms of understanding the world’s vulnerability to cyber attacks, says WEF. The year witnessed a number of massive cyber attacks, including WannaCry and NotPetya, which caused extensive operational disruption and financial losses for organisations around the world.

The closely related risk of “data fraud or theft” is also a concern. The risk is ranked third overall in the US, where a majority of the population (65%) has already experienced a personal data breach, according to the Pew Research Center. The costliest data breach to date occurred during 2017, following the breach of 143 million Equifax customers’ personal data, which is expected to cost up to USD 600 million.

 Sign up to our latest  news & insights Sign up to our latest  news & insights


With executives ranking cyber as a top risk, it should be no surprise that FERMA’s biennial survey of risk managers found cyber has become a more important issue for risk and insurance managers.

The survey, which polled over 700 risk managers in 29 countries, ranked cyber as the number one risk facing European risk and insurance managers; jumping six places from when the poll was last conducted in 2016.

Overall, the survey found that risk managers are taking a broader and more central role in managing risk; working more closely with the board, senior management and across the main corporate functions. The survey also found that risk managers are beginning to make greater use of technology to understand risk - 44% of the risk managers polled are using data analytics. This shift is in part a reflection of the digitisation of business, which calls on risk managers to assist their organisations in managing the risks, and opportunities for technology disruption, FERMA says.

According to FERMA, disruptive technology is an important driver for the changing role of risk managers, which makes them leading stakeholders in corporate digital transformation. Some 37% of risk managers are involved in the assessment of risks relating to new technologies, while almost a quarter (24%) of those polled analyse and remediate insurance coverage gaps associated with technology.

The survey shows that risk managers are becoming the main coordinators of risk management within their organisations, collaborating with departments like IT, cyber security and business continuity. Some 65% of risk managers now see themselves as “risk conductors”, consolidating information from other risk-related functions to give a clear and comprehensive view to top management.

Interestingly, risk managers are now seen as central to managing IT and cyber security risks, which was not the case two years ago, says FERMA. The survey found that IT managers now feature among risk managers’ first rank of partners, on par with legal, operations, finance and human resources.

Download Cyber Decoder

For more information please contact Sarah Stephens, Head of Cyber on +44 (0)203 394 0486.